Rightscorp Doth Protest Too Much: Using the DMCA as a Bulldozer

Cable and internet service provider Cox Communications was sued last week on the grounds that its customers have been torrenting music illegally. Cox is far from unique in this; it’d be hard to imagine any internet provider (including the federal government) not having some customers infringing copyrights. The reason we don’t see such suits all the time is because of the safe harbor provisions of the Digital Millennium Copyright Act (DMCA).

Those are the laws that give us the notice-and-takedown system for online hosts, but—more relevant to this case—they also give a broader protection to ISPs like Cox Communications. ISPs and other services that merely serve as conduits for transmitting data between customers simply aren’t held responsible for what their users might do, as long as they’re not the ones picking and choosing what their customers get (perhaps one reason why it’s in their interest to keep their networks neutral). But that “safe harbor” is only available after the ISP

Has adopted and reasonably implemented…a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers…

And in this lawsuit, the plaintiffs are claiming that Cox failed to implement just such a policy.

No, Cox isn’t particularly dense; they didn’t forget to put one up; the plaintiffs simply say that Cox’s policy isn’t good enough because they’re not kicking people off the internet as often as they should. The evidence for this is that plaintiffs keep sending notices of infringement to Cox, and keep seeing the same IP addresses still seeding infringing torrents.

The way the complaint puts it, Cox is failing to account for all the notices it’s getting from the plaintiffs. For instance, they claim to have sent 54,489 notices to Cox that one particular user was infringing their copyrights all within a 64 day period.

That large number is intended to be a signal to the court that Cox is turning a blind eye to this, but look at that again. 54,489 notices sent to Cox over the course of 64 days. That’s over 850 notices a day. Keep in mind, Cox has no way of knowing how many of those are duplicates, how many of them are relevant to the same user, or even if the right user was targeted. But the complaint acts as if their mere sending of a notice is enough to make someone an “infringer,” and that sending multiple notices means they’re a “repeat infringer.”

A quick side note might be illuminating: the case is titled BMG Rights Management & Round Hill Music v. Cox Enterprises, but the name at the center of the case is Rightscorp, the company that BMG and Round Hill have hired to do their copyright enforcement for them. Rightscorp has made quite a reputation for itself with its aggressive tactics (in some cases, enough to garner a class action suit against them for violating anti phone harassment laws). Its “takedown notices,” for example, also double as demand letters, which they want service providers to pass on to their users. (Since Rightscorp only has IP addresses, it needs the ISP to be able to correlate the IP address to the subscriber.) Those letters then demand settlement payments of a small amount, while threatening severe statutory damages in a trial if payment isn’t made. Most people aren’t willing to take the time and energy, not to mention the expense, of fighting a court battle, so they’ll pay the smaller amount.

What this means is that Rightscorp is in the business of sending massive numbers of notices. It’s a shotgun, or dragnet, approach, depending upon your particular metaphor. According to this story, they’re sending hundreds of thousands, if not millions, of notices. It’s apparently their main source of revenue, so at $20 per settlement, volume is the name of the game. And if an ISP doesn’t want to turn into a massive process server? Well, apparently, they get sued, safe harbors be damned.

Basically, Rightscorp’s argument boils down to the idea that you can plow right through the DMCA safe harbors if you slam the ISP with enough notices of alleged infringement.

This does not seem to be the sort of system Congress intended. If the entire point of the safe harbors was that online providers shouldn’t have to invest the time and resources to sift through all of their customers’ data for infringement (not to mention the privacy alarm bells that begin ringing), it hardly makes sense that they lose those safe harbors because someone starts flooding their inbox with allegations. You don’t get an exception to the law by just being sufficiently annoying.

The legal questions involved in this case will likely center around how you define a “repeat infringer.” It seems most logical that for someone to be considered an infringer, they actually have to have been found liable for copyright infringement, and not merely been accused of it. But beyond that argument is the common-sense notion that you don’t get to ditch a legal protection because it’s not working when you’re the one breaking it in the first place. Rightscorp’s model isn’t designed to accurately determine whether or not someone was infringing; it’s designed to sweep in as many potential and alleged infringers as it can. Forcing the ISP to make these determinations instead (or simply take Rightscorp’s word for it) is to place Rightscorp in the position of judge and jury, and to outsource the execution.

One final note: the complaint is simply incredulous that Cox’s privacy counsel would advise against forwarding its notices-cum-demand letters. The fact that it’s Cox’s privacy counsel, and not their IP counsel, saying this should tell you about the interests at stake here. Cox actually has a legal duty to protect the privacy of its customers’ information, and not turn it over absent a court order to just any old company to bluster along.

The complaint is a fun read, but it’s worth remembering that this is just the opening round of litigation. What’s alleged in the complaint is what the plaintiffs believe—far from an objective set of facts. And given Rightscorp’s history with the law, what’s alleged within should be taken with a hearty grain of salt.